majic-ansible-roles Changeset

Changeset - 0bc967a67750

Parent rev.

Child rev.

[Not reviewed]

0 5 0

Branko Majic (branko) - 3 years ago 2021-01-12 23:53:46
branko@majic.rs

MAR-163: Reformat multiple skip-QA directives and remove some unnecessary ones:

- Update codes used to identify the disabled QA checks.
- Switch to using new syntax that disables only a specific QA check
instead of all of them on a single task.
- Drop disabling QA checks related to octal file permissions (this was
most likely bug in older versions of ansible-lint).

5 files changed with 20 insertions and 36 deletions:

roles/backup_server/tasks/main.yml

roles/common/tasks/main.yml

roles/database_server/tasks/main.yml

roles/ldap_server/tasks/main.yml

roles/wsgi_website/tasks/main.yml

0 comments (0 inline, 0 general)

roles/backup_server/tasks/main.yml

➞

Show inline comments

@@ @@ -14,11 +14,6 @@ @@
     owner: root
     group: root
     mode: 0751
   tags:
     # [ANSIBLE0009] Octal file permissions must contain leading zero
     #   Misleading message, linting is complaining here actually because of the
     #   executable bit without read/write for others (e.g. the "1" in "0751").
     - skip_ansible_lint
 - name: Create backup client groups
   group:
@@ @@ -65,11 +60,6 @@ @@
     group: root
     mode: 0751
   with_items: "{{ backup_clients }}"
   tags:
     # [ANSIBLE0009] Octal file permissions must contain leading zero
     #   Misleading message, linting is complaining here actually because of the
     #   executable bit without read/write for others (e.g. the "1" in "0751").
     - skip_ansible_lint
 - name: Populate authorized keys for backup client users
   authorized_key:

roles/common/tasks/main.yml

➞

Show inline comments

@@ @@ -174,15 +174,14 @@ @@
   with_dict: "{{ ca_certificates }}"
   register: deploy_ca_certificates_result
 - name: Update CA certificate cache
 - name: Update CA certificate cache  # noqa 503
   # [503] Tasks that run when changed should likely be handlers
   #   CA certificate cache must be updated immediatelly in order for
   #   applications depending on deployed CA certificates can use them to
   #   validate server/client certificates.
   command: "/usr/sbin/update-ca-certificates --fresh"
   when: deploy_ca_certificates_result.changed
   tags:
     # [ANSIBLE0016] Tasks that run when changed should likely be handlers
     #   CA certificate cache must be updated immediatelly in order for
     #   applications depending on deployed CA certificates can use them to
     #   validate server/client certificates.
     - skip_ansible_lint
 - name: Install ferm (for firewall management)
   apt:

roles/database_server/tasks/main.yml

➞

Show inline comments

@@ @@ -78,17 +78,15 @@ @@
     mode: 0644
   register: mariadb_utf8_configuration
 - name: Restart MariaDB in order to use UTF-8 as default character set
 - name: Restart MariaDB in order to use UTF-8 as default character set  # noqa 503
   # [503] Tasks that run when changed should likely be handlers
   #   UTF-8 configuration must be applied immediatelly in order to ensure that
   #   subsequent tasks that create databases will end-up with correct (UTF-8)
   #   encoding. Otherwise they will be created using default latin1.
   service:
     name: mysql
     state: restarted
   when: mariadb_utf8_configuration.changed
   tags:
     # [ANSIBLE0016] Tasks that run when changed should likely be handlers
     #   UTF-8 configuration must be applied immediatelly in order to ensure that
     #   subsequent tasks that create databases will end-up with correct (UTF-8)
     #   encoding. Otherwise they will be created using default latin1.
     - skip_ansible_lint
 - name: Explicitly run all handlers
   include: ../handlers/main.yml

roles/ldap_server/tasks/main.yml

➞

Show inline comments

@@ @@ -26,17 +26,15 @@ @@
     groups: ssl-cert
   register: openldap_in_ssl_cert
 - name: Restart slapd if group membership has changed (apply immediatelly)
 - name: Restart slapd if group membership has changed (apply immediatelly)  # noqa 503
   # [503] Tasks that run when changed should likely be handlers
   #   In order to be able to change LDAP server TLS configuration, it must be
   #   able to read both the private key and certificate. Therefore we need to
   #   immediatelly restart (since configuration is done live on the server.
   service:
     name: slapd
     state: restarted
   when: openldap_in_ssl_cert.changed
   tags:
     # [ANSIBLE0016] Tasks that run when changed should likely be handlers
     #   In order to be able to change LDAP server TLS configuration, it must be
     #   able to read both the private key and certificate. Therefore we need to
     #   immediatelly restart (since configuration is done live on the server.
     - skip_ansible_lint
 - name: Install Python LDAP bindings
   apt:

roles/wsgi_website/tasks/main.yml

➞

Show inline comments

@@ @@ -314,7 +314,10 @@ @@
   tags:
     - handlers
 - name: Add service to list of WSGI services to restart
 - name: Add service to list of WSGI services to restart  # noqa 503
   # [503] Tasks that run when changed should likely be handlers
   #   This specific task is used in order to work around inability of Ansible
   #   to provide properly parametrised handlers for reusable roles.
   set_fact:
     wsgi_services_to_restart: "{{ wsgi_services_to_restart + [ fqdn ] }}"
   when: |
@@ @@ -327,10 +330,6 @@ @@
     (run_handlers | default(False) | bool()))
   tags:
     - handlers
     # [ANSIBLE0016] Tasks that run when changed should likely be handlers
     #   This specific task is used in order to work around inability of Ansible
     #   to provide properly parametrised handlers for reusable roles.
     - skip_ansible_lint
 - name: Explicitly run all handlers
   include: ../handlers/main.yml

0 comments (0 inline, 0 general)